[Standards] Correction to 3290bis4

Alexey Melnikov alexey.melnikov at isode.com
Fri Nov 2 08:44:11 UTC 2007


Peter Saint-Andre wrote:

>Toly Menn wrote:
>  
>
>>Also, section 7.3.4 indicates that the receiving end of the
>>connection SHOULD allow at least 2 and no more then 5 retries from
>>the abort.  Does this make sense for s2s connections?  EXTERNAL
>>mechanism?
>>    
>>
>That rule (which IIRC we borrowed from RFC 4422) may not make sense for
>all SASL mechanisms or for s2s connections.
>
Agreed.

>However, for c2s connections
>it may make sense for SASL EXTERNAL because end users can have multiple
>certificates (I know I do).
>
As a side note: how do you select a particular certificate using SASL 
EXTERNAL? Are you using different authorization identity in a hope that 
the server end will match it against the correct client certificate.





More information about the Standards mailing list